RumorMill Setup Documentation

Restrictions



The Site Restrictions window lets you restrict which other machines have access to the server. Computers are restricted on the basis of their IP number. The server comes with a default mask permitting access by computers in the same subnet as the server (that is, the first three numbers in the IP number must match the server's).

Screen shot of Site Restrictions window

For instance, if the server is at the IP number 1.2.3.4, then by default any client coming from a machine with IP numbers between 1.2.3.1 and 1.2.3.255 can connect to the server. A computer with IP number 5.6.7.8 would not be permitted to connect. The IP mask for this configuration is 1.2.3.4/255.255.255.0. (The mask makes a lot more sense if you consider it as a binary number: 255 is 11111111 in binary, 0 is 00000000. 255 means match all bits, 0 means match no bits.)

More complex masks can be used, such as 127.2.3.4/1.255.0.255, which would match all IP numbers between 1.2.1.4 and 1.2.255.4, 3.2.1.4 and 3.2.255.4, 5.2.1.4 and 5.2.255.4 and so on (that is, the first number is odd and the remaining three are between .2.1.4 and .2.255.4). The ordering of the IP masks is important: RumorMill starts at the top of the list and stops as soon as it finds a mask which specifically permits or denies the IP number. If it reaches the end of the list without finding a mask that specifically refers to the IP number, the IP number is denied. Generally speaking, more specific masks should be placed above more general masks.

RumorMill also adds a mask for each of the servers defined in the Newsfeed window (otherwise they would not be able to feed articles to RumorMill, and RumorMill would not feed articles to the Newsfeed). These masks will not show up in the Site Restrictions window because RumorMill generates them dynamically using a DNS lookup when it is run. That means that even if the server changes IP address RumorMill will (eventually!) allow it to connect (that is, as soon as RumorMill is reset).

Note: A finite number of Site Restrictions masks can be specified. The current maximum is 20.

The Site Restrictions window also allows you to check whether a particular IP number is permitted or denied using the Test IP number, which tests against the current list of masks.

Note that it is not possible to check against DNS names, for example, news.swaystairs.com, and use these to prohibit access. This is because DNS names can be 'spoofed' by other machines (that is, another machine can pretend to be our example news.swaystairs.com), and thus DNS names are not a secure way of restricting access.

Some Example Masks:

1.2.3.0/255.255.255.0/Permit: Allows all access in the C-Class domain 1.2.3

0.0.0.0/0.0.0.0/Permit: Permits everyone access

1.2.3.128/255.255.255.128/Permit: Permits everyone with an IP address of 1.2.3.128 or greater to connect.

0.0.0.1/0.0.0.255/Permit: Allows anyone with an IP address whose last number is 1 to connect (e.g. 5.6.7.1, but not 5.6.7.81).
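
The matching and ordering rules described above, as an added Python example (not RumorMill's own code). It assumes a mask matches when the IP number and the rule's address agree on every bit set in the mask; the function names, the `Deny` action spelling and the two ordering lists are constructed for illustration.

```python
import ipaddress

def parse_rule(text):
    """Parse 'address/mask/Action', the form used in the example masks."""
    addr, mask, action = text.split("/")
    if action not in ("Permit", "Deny"):  # "Deny" spelling is an assumption
        raise ValueError(f"unknown action in rule: {text!r}")
    return (int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(mask)),
            action == "Permit")

def mask_matches(ip, addr, mask):
    # Compare only the bits set in the mask (255 = all bits of that number,
    # 0 = none). The mask need not be a contiguous prefix as in CIDR.
    return (ip & mask) == (addr & mask)

def check_access(ip_text, rules):
    """Top-down, first matching mask decides; no match means denied."""
    ip = int(ipaddress.IPv4Address(ip_text))
    for addr, mask, permit in rules:
        if mask_matches(ip, addr, mask):
            return permit
    return False

def build(*lines):
    return [parse_rule(line) for line in lines]

# Rule lists taken from the page's examples.
DEFAULT = build("1.2.3.4/255.255.255.0/Permit")
ODD_FIRST = build("127.2.3.4/1.255.0.255/Permit")
UPPER_HALF = build("1.2.3.128/255.255.255.128/Permit")
# Constructed lists showing why ordering matters.
SPECIFIC_FIRST = build("1.2.3.77/255.255.255.255/Deny",
                       "1.2.3.0/255.255.255.0/Permit")
GENERAL_FIRST = build("1.2.3.0/255.255.255.0/Permit",
                      "1.2.3.77/255.255.255.255/Deny")

if __name__ == "__main__":
    for name, rules, ip in [("default", DEFAULT, "5.6.7.8"),
                            ("odd-first", ODD_FIRST, "5.2.77.4"),
                            ("upper-half", UPPER_HALF, "1.2.4.1"),
                            ("specific-first", SPECIFIC_FIRST, "1.2.3.77"),
                            ("general-first", GENERAL_FIRST, "1.2.3.77")]:
        verdict = "permit" if check_access(ip, rules) else "deny"
        print(f"{name:15} {ip:10} -> {verdict}")
```

With the general mask placed first, the single-host deny below it is never reached, so 1.2.3.77 is permitted. Under the same bitwise assumption, 1.2.4.1 does not match 1.2.3.128/255.255.255.128 and falls through to the end-of-list denial.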

